Cisco CEO John Chambers described IP mobility and collaboration technologies as one of the largest IT security challenges facing enterprises, and possibly one of the greatest tools for converging physical and digital security.
Speaking at The Security Standard conference in Boston this week, Chambers outlined the benefits of "quad-play" -- or the combination of data, voice and video with mobility -- and the security challenges associated with having a mobile workforce that accesses, shares and spreads data and information via a growing number of IP-enabled devices, and across multiple networks.
"The opportunity for harm, either by deliberate action, or by neglect, becomes much higher," as an enterprise workforce has easier access to data, and the ability to easily share information via IP communications, Chambers said.
While Chambers warned of the security challenges surrounding quad-play and collaboration technologies, just the day before, he described how these technologies would be the premier growth drivers for Cisco over the next four years, with a 10 percent to 15 percent compound annual revenue growth rate over time. The reason Chambers is so bullish on collaboration and quad-play technologies is because of the benefits he's already seen inside his own company, he told the Security Standard audience, which consisted mostly of CSO and executive-level IT security professionals.
"Two years ago, I would have thought that 80 percent to 90 percent of productivity would come through IP-based applications," Chambers said. "I'm now realizing that probably 30 percent to 50 percent of the productivity in our company will be based on collaboration."
The broad sharing of data and information via technology can lead to "the ability to develop [products] faster, to respond to threats faster, and to handle customer problems faster."
But in getting back to the security risks of collaboration and mobility, Chambers outlined a simple scenario.
"In the past, it might have been only five or seven people in a company who know about key data points, or key strategy elements that you are implementing," Chambers said. "Now it might be 50. So how do you control the information -- both in terms of policy and the behavior outside your organization -- to stop people from getting data you don't want them to get?"
Chambers pitched several high-level Cisco architecture concepts in his keynote as the answer to this problem -- primarily, the idea of self-defending networks, where network hardware can respond to and stop attacks on an enterprise without human intervention or monitoring. Cisco this week at the conference also demonstrated, for the first time, interoperability of its NAC self-defending technology with Microsoft's NAP defense architecture.
"The only way I know how [to secure an enterprise network] is to make it like the human body," he said. "The majority of attacks in the human body, you never know about. It's only the real exception when you have to go see a doctor."
Chambers also alluded to the tight integration of routers, switches and communications hardware and software his company claims to offer as another part of the answer.
"If you believe that your security has to go across multiple products ... it's very difficult to implant" if the products were not developed and integrated together from the beginning, he said.
On top of technology, security policies and procedures for dealing with incidents - whether it be physical security, intellectual property, data theft, or major events -- is one of the most important aspects chief security officers must consider. Chambers cited the recent events in Lebanon as an example.
"Within one hour after the notification that [the events] started, we knew where every Cisco employee was, throughout the country. Within 24 hours we already had the plans and procedures in place to take anybody out of the country that wanted to go, while most others might have been trying to find their employees within the first 24 or 48 hours."